3 matches found
CVE-2019-9924
CVE-2019-9924 : Bash rbash prior to 4.4-beta2 could allow a shell user to modify BASH_CMDS and thereby execute arbitrary commands with the shell’s permissions. IBM CP4S advisory confirms affected product versions: Cloud Pak for Security (CP4S) 1.8.1.0, 1.8.0.0, and 1.7.2.0. Remediation is to upgr...
CVE-2019-18276
CVE-2019-18276 affects GNU Bash up to 5.0 patch 11, where disable_priv_mode in shell.c incorrectly drops privileges when UID real != effective, leaving the saved UID intact. An attacker with shell command execution can use enable -f to load a new builtin (shared object) that calls setuid(), regai...
CVE-2012-6711
CVE-2012-6711 describes a heap-based buffer overflow in GNU Bash prior to 4.3. When wide characters not supported by the current LC_CTYPE locale are printed via the echo builtin, ansicstr() mishandles u32cconv() in lib/sh/strtrans.c, potentially allowing a local attacker to crash a script or exec...